Polish data protection authority issues €645,000 fine to online retailer
Poland’s Personal Data Protection Office (UODO) this week imposed a PLN 2.8 million (€645,000) fine on online retailer Morele.net for “insufficient organisational and technical safeguards”.
The data breach affected approximately 2.2 million customers who purchased products through one of the group’s nine websites.
The President of UODO stated that Morele.net, “by not using sufficient technical means of data protection, violated, among others specified in art. 5 paragraph 1 letter f GDPR, the principle of confidentiality. As a result, unauthorized access to and access to customer data occurred.” The authority considered that an ineffective means of authenticating access to data had been used.
The main fault of Morele.net was not undertaking VAPT (Vulnerability Analysis and Penetration Testing).
Details at ITGovernance